RUSSIAN SECURITY OUTFIT Kaspersky has uncovered what it claims is the world's most powerful Android spyware tool,
According to Kaspersky, the spyware tool, dubbed 'Skygofree', enables attackers to crack Android devices and exfiltrate WhatsApp messages.
The tool dates back to 2014, and it's able to take audio from a smartphone's microphone when it's in a certain location. According to Kaspersky, attackers can also force infected devices to surreptitiously connect to particular WiFi networks to enable even more data slurping.
The app can get access to encrypted WhatsApp messages, thanks to a Google accessibility service, too.
"The payload uses the Android Accessibility Service to get information directly from the displayed elements on the screen, so it waits for the targeted application to be launched and then parses all nodes to find text messages," said Kaspersky.
"Essentially, Accessibility Services provide a nice route into other applications as they have permission to do so, via an application programming interface (API)."
Although Kaspersky has refrained from laying blame, researchers did find links to Rome-based technology company Negg, one of a nest of software vendors in Italy that specialise in legal hacking tools, the most high-profile of which was Hacking Team.
Archived copies of Negg's website provide further insight into its alleged links to the spyware, according to Forbes, which suggests that the company offered cybersecurity and app development services.
While this information doesn't point to surveillance tools, the company has developed its own forensics offerings in the past and has used these capabilities to collect evidence from computers.
And, according to Forbes, two years ago the company was on the lookout for Android and iOS software engineers. It needed a candidate who had "knowledge of the techniques of dynamic and static analysis of malware".
Insiders claim that Negg has worked with the Italian authorities more recently. The researchers said: "They're working with the police now, I presume to fill the gap left behind by Hacking Team at this point."
These claims are congruent with Kaspersky's research, which suggests that the tool originates from Italy. Dubbed 'Skygofree' by Kaspersky, the company said it's one of the most powerful examples of Android spyware it's ever come across.
"As a result of the long-term development process, there are multiple, exceptional capabilities: usage of multiple exploits for gaining root privileges, a complex payload structure, [and] never-before-seen surveillance features," claimed the company when it released its research on Tuesday. µ
Qubit off more than you could chew
Fox? Roadrunner more like
Sharkstooth CPU promises some bite
But there's no Play Store access or Google services